Multiple critical vulnerabilities in all VMware products
VMware has announced several privilege escalation and denial of service vulnerabilities affecting every single supported VMware product, including the flagship VMware ESX server product line. Some of the issues could potentially allow users in a guest VM to execute code on the host, so these are critical problems.
Interestingly, the issues are not in the virtualization technology itself but in supporting services like the DHCP service and components of the Linux-based admin console in VMware ESX such as Samba and cron.
Secunia has posted some details. The official announcement from VMware seems to have only gone out to subscribers of their security mailing list (I can’t find it on their web site), but Full Disclosure has a copy here.
Now, is there anyone who still wants to argue that isolation of VMware guests is just as good as physical servers? Even if the virtualization mechanism itself is sound (which is still a very risky assumption to make), bugs in the guest-to-host communication components or admin components could be exploited.